Weijian Fang wrote:
Hi,

We plan to use ACL to control page access. E.g., the following ACLs say only members of staff group can view and edit the page: [{ALLOW edit StaffGroup}], where StaffGroup is a wiki group defined to include all members of staff.

This is convenient but causes a problem: any member of staff can edit this ACL (say, by mistake) to break the access control policy. Ideally, although any member of staff can edit this page, we want only some people with a special role to be able to edit the ACL inside the page. I don't know whether this is possible in JSPWiki 2.6.2 or by some contributed plugin/filter. (If you know, please tell me! Thanks!)

So I propose using a filter to implement this: in the preSave method, if the current editor has the special role that allows him to handle ACL, the to-be-saved content is saved directly. Otherwise, any ACL in the to-be-saved content is ignored, and the current (official) ACLs are read from the current version of the page and appended to the to-be-saved content, before it is saved.

Hi Weijian,

I don't know if it's been done before but this sounds like a good place to invest some time in developing a JSP for this purpose. You could use a menu and/or other features to limit what any given user is permitted to enter into the form or show them the permitted values. Having a bit more code behind any complicated feature can of course add its own issues but when security is involved this might be justified.

If you've never written a JSP before take a peek at some of those in JSPWiki, as it might be easier than trying to accomplish this via a plugin, particularly if you're trying to do some form entry. Plugins can also be abused or instantiated in the wrong place, or more than once on a page, whereas a JSP is pretty safe in that regard.

Hope this is helpful.

Murray

Murray Altheim <murray07 at altheim.com>
http://www.altheim.com/murray/
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk

Boundless wind and moon - the eye within eyes,
Inexhaustible heaven and earth - the light beyond light,
The willow dark, the flower bright - ten thousand houses,
Knock at any door - there's one who will respond.
-- The Blue Cliff Record
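
The preSave step proposed in the first message, as an added example that is not part of either message or of JSPWiki's own code. The names `AclGuard`, `extractAcls` and `enforce` are hypothetical, the role check is reduced to a boolean the caller supplies, and the pattern assumes ACLs appear only in the `[{ALLOW ...}]` form quoted above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AclGuard {
    // Assumption: inline ACLs look like [{ALLOW edit StaffGroup}], as in the thread.
    // Widen this pattern if the wiki's parser accepts other forms.
    private static final Pattern ACL = Pattern.compile("\\[\\{ALLOW\\s[^}]*\\}\\]");

    /** Returns every ACL directive found in the text, in order of appearance. */
    static List<String> extractAcls(String text) {
        List<String> acls = new ArrayList<>();
        Matcher m = ACL.matcher(text);
        while (m.find()) {
            acls.add(m.group());
        }
        return acls;
    }

    /**
     * Editors holding the special role save their text unchanged. For everyone
     * else, ACLs in the submitted text are dropped and the ACLs of the current
     * page version are appended instead.
     */
    static String enforce(String submitted, String currentVersion, boolean mayEditAcl) {
        if (mayEditAcl) {
            return submitted;
        }
        // Strip until nothing changes: one pass over "[{AL[{ALLOW x}]LOW edit All}]"
        // removes the inner match and leaves a fresh "[{ALLOW edit All}]" behind.
        String body = submitted;
        String previous;
        do {
            previous = body;
            body = ACL.matcher(body).replaceAll("");
        } while (!body.equals(previous));
        StringBuilder out = new StringBuilder(body);
        for (String acl : extractAcls(currentVersion)) {
            out.append('\n').append(acl);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample page versions, not taken from a real wiki.
        String current = "[{ALLOW edit StaffGroup}]\nMeeting notes.";
        String submitted = "[{ALLOW edit All}]\nUpdated notes. [{AL[{ALLOW view X}]LOW edit All}]";
        System.out.println(enforce(submitted, current, false));
    }
}
```

In a real filter the boolean would come from the wiki's own authorization check for the current editor, and `currentVersion` from the stored text of the page being saved.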
